Just a short while after upgrading WordPress to 2.1.1, there’s an announcement that 2.1.2 has been released, with a warning that everyone running the older version should upgrade immediately due to a potential security exploit. Go on, do it. Now. Do not pass go. Do not collect £200.
There’s a comment to be made here about verification of the software that we use – I generally check the MD5 sum of software that I download (where it’s provided), but that can only provide a certain level of protection, especially in scenarios like this. In theory, with an open source product, once it’s released there can be many people in a position to check the code and ensure that all is well – I’d like to think that something like that has happened in this case! Closed source software is naturally very different… I wonder if we hold the vendors to a different level of responsibility because of that?